<APIManager xmlns:svns="http://org.wso2.securevault/configuration">
    <!-- JNDI name of the data source to be used by the API publisher, API Developer Portal and API
         key manager. This data source should be defined in the master-datasources.xml file
         in conf/datasources directory. -->
    <DataSourceName>{{apim.datasource.name}}</DataSourceName>

    <!-- This parameter is used when adding api management capability to other products like GReg, AS, DSS etc.-->
    <GatewayType>{{apim.gateway_type}}</GatewayType>

    <!-- This parameter is used to enable the securevault support when try to publish endpoint secured APIs. Values should be "true" or "false".
    By default secure vault is disabled.-->
    <EnableSecureVault>{{apim.enable_secure_vault}}</EnableSecureVault>

    <!-- This parameter is used to enable mutual tls based authentication support for APIs, when this is disabled,
    APIs will be protected with OAuth2 security-->
    <EnableMTLSForAPIs>true</EnableMTLSForAPIs>

    <!-- Authentication manager configuration for Admin Portal. This is a required configuration as its user
    authentication logic relies on this. -->
    <AuthManager>
        <!-- Server URL of the Authentication service -->
        <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for the Authentication manager. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for the Authentication manager. -->
        <Password>${admin.password}</Password>
        <!-- Indicates whether the permissions checking of the user (on the Publisher and Developer Portal) should be done
           via a remote service. The check will be done on the local server when false. -->
        <CheckPermissionsRemotely>false</CheckPermissionsRemotely>
    </AuthManager>

    {% if apim.idp is defined %}
    <IdentityProvider>
        <!-- Server URL of the Identity Provider used for login/logout operations in API Publisher and API Developer Portal -->
        <AuthorizeEndpoint>{{apim.idp.authorize_endpoint}}</AuthorizeEndpoint>
        <OIDCLogoutEndpoint>{{apim.idp.oidc_logout_endpoint}}</OIDCLogoutEndpoint>
    </IdentityProvider>
    {% endif %}

    <JWTConfiguration>
        <!-- Enable/Disable JWT generation. Default is false. -->
        <EnableJWTGeneration>{{apim.jwt.enable}}</EnableJWTGeneration>

        <!-- Name of the security context header to be added to the validated requests. -->
        <JWTHeader>{{apim.jwt.header}}</JWTHeader>

        <!-- Fully qualified name of the class that will retrieve additional user claims
             to be appended to the JWT. If not specified no claims will be appended.If user wants to add all user claims in the
             jwt token, he needs to enable this parameter.
             The DefaultClaimsRetriever class adds user claims from the default carbon user store. -->
        {% if apim.jwt.enable_user_claims %}
        <ClaimsRetrieverImplClass>{{apim.jwt.claims_extractor_impl}}</ClaimsRetrieverImplClass>
        {% else %}
        <!--ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass-->
        {% endif %}

        <!-- The dialectURI under which the claimURIs that need to be appended to the
             JWT are defined. Not used with custom ClaimsRetriever implementations. The
             same value is used in the keys for appending the default properties to the
             JWT. -->
        <ConsumerDialectURI>{{apim.jwt.claim_dialect}}</ConsumerDialectURI>

        <!-- Signature algorithm. Accepts "SHA256withRSA" or "NONE". To disable signing explicitly specify "NONE". -->
        <SignatureAlgorithm>{{apim.jwt.signing_algorithm}}</SignatureAlgorithm>

        <!-- This parameter specifies which implementation should be used for generating the Token. JWTGenerator is the
	     default implementation provided. -->
        {% if apim.jwt.generator_impl is defined %}
        <JWTGeneratorImpl>{{apim.jwt.generator_impl}}</JWTGeneratorImpl>
        {% else %}
        <JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.JWTGenerator</JWTGeneratorImpl>
        {% endif %}
        <!-- This parameter specifies which implementation should be used for generating the Token. For URL safe JWT
             Token generation the implementation is provided in URLSafeJWTGenerator -->
        <!--<JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.URLSafeJWTGenerator</JWTGeneratorImpl>-->
        <GatewayJWTGeneration>
            <ImplClass>{{apim.jwt.gateway_generator.impl}}</ImplClass>
            <Configuration>
            <Claims>
                {%- for claim in apim.jwt.gateway_generator.claims -%}
                <Claim>{{claim}}</Claim>
                {% endfor %}
            </Claims>
            </Configuration>
        </GatewayJWTGeneration>
    </JWTConfiguration>

    <!-- Primary/secondary login configuration for API Developer Portal. If user likes to keep two login attributes in a distributed setup, to login the API Developer Portal,
		he should configure this section. Primary login doesn't have a claimUri associated with it. But secondary login, which is a claim attribute,
		is associated with a claimuri.-->
    <!--LoginConfig>
        <UserIdLogin  primary="true">
            <ClaimUri></ClaimUri>
        </UserIdLogin>
        <EmailLogin  primary="false">
            <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
        </EmailLogin>
    </LoginConfig-->

    <!-- Credentials for the API gateway admin server. This configuration
         is mainly used by the API publisher and API Developer Portal to connect to the API gateway and
         create/update published API configurations. -->
    <APIGateway>
        <!-- The environments to which an API will be published -->
        <Environments>
            <!-- Environments can be of different types. Allowed values are 'hybrid', 'production' and 'sandbox'.
                 An API deployed on a 'production' type gateway will only support production keys
                 An API deployed on a 'sandbox' type gateway will only support sandbox keys
                 An API deployed on a 'hybrid' type gateway will support both production and sandbox keys. -->
            <!-- api-console element specifies whether the environment should be listed in API Console or not -->
            {% for environment_name in apim.gateway.environment%}
            <Environment type="{{environment_name.type}}" api-console="{{environment_name.display_in_api_console}}" isDefault="{{environment_name.show_as_token_endpoint_url}}">
                <Name>{{environment_name.name}}</Name>
                <Description>{{environment_name.description}}</Description>
                <!-- Server URL of the API gateway -->
                <ServerURL>{{environment_name.service_url}}</ServerURL>
                <!-- Admin username for the API gateway. -->
                <Username>{{environment_name.username}}</Username>
                <!-- Admin password for the API gateway.-->
                <Password>{{environment_name.password}}</Password>
                <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
                {% if environment_name.http_endpoint is defined and environment_name.https_endpoint is defined %}
                <GatewayEndpoint>{{environment_name.https_endpoint}},{{environment_name.http_endpoint}}</GatewayEndpoint>
                {% elif environment_name.http_endpoint is not defined and environment_name.https_endpoint is defined %}
                <GatewayEndpoint>{{environment_name.https_endpoint}}</GatewayEndpoint>
                {% elif environment_name.http_endpoint is defined and environment_name.https_endpoint is not defined %}
                <GatewayEndpoint>{{environment_name.http_endpoint}}</GatewayEndpoint>
                {% else %}
                <GatewayEndpoint></GatewayEndpoint>
                {% endif %}
                <!-- Endpoint URLs of the WebSocket APIs hosted in this API Gateway -->
                {% if environment_name.ws_endpoint is defined and environment_name.wss_endpoint is defined %}
                <GatewayWSEndpoint>{{environment_name.ws_endpoint}},{{environment_name.wss_endpoint}}</GatewayWSEndpoint>
                {% elif environment_name.ws_endpoint is not defined and environment_name.wss_endpoint is defined %}
                <GatewayWSEndpoint>{{environment_name.wss_endpoint}}</GatewayWSEndpoint>
                {% elif environment_name.ws_endpoint is defined and environment_name.wss_endpoint is not defined %}
                <GatewayWSEndpoint>{{environment_name.ws_endpoint}}</GatewayWSEndpoint>
                {% else %}
                <GatewayWSEndpoint></GatewayWSEndpoint>
                {% endif %}
            </Environment>
            {% endfor %}
        </Environments>
    </APIGateway>

    <TokenIssuers>
    {%- for issuer_1 in apim.jwt.issuer -%}
    <TokenIssuer issuer ="{{issuer_1.name}}">
    {% if issuer_1.jwks is defined %}
      <JWKSConfiguration>
        <URL>{{issuer_1.jwks.url}}</URL>
      </JWKSConfiguration>
    {% endif %}
      <ClaimMappings>
      {%- for claim in issuer_1.claim_mapping -%}
         <ClaimMapping>
           <RemoteClaim>{{claim.remote_claim}}</RemoteClaim>
           <LocalClaim>{{claim.local_claim}}</LocalClaim>
         </ClaimMapping>
      {% endfor %}
      </ClaimMappings>
      </TokenIssuer>
    {% endfor %}
    </TokenIssuers>

    <CacheConfigurations>
	    <!-- Enable/Disable token caching at the Gateway-->
        <EnableGatewayTokenCache>{{apim.cache.gateway_token.enable}}</EnableGatewayTokenCache>
	    <!-- Enable/Disable API resource caching at the Gateway-->
        <EnableGatewayResourceCache>{{apim.cache.resource.enable}}</EnableGatewayResourceCache>
        <!-- Enable/Disable API key validation information caching at key-management server -->
        <EnableKeyManagerTokenCache>{{apim.cache.km_token.enable}}</EnableKeyManagerTokenCache>
        <!-- This parameter specifies whether Recently Added APIs will be loaded from the cache or not.
             If there are multiple API modification during a short time period, better to disable cache. -->
        <EnableRecentlyAddedAPICache>{{apim.cache.recent_apis.enable}}</EnableRecentlyAddedAPICache>
        <!-- This parameter specifies whether scopes are taken from cache or not. If you are modifying application
        subscriptions frequently, modifying the user roles frequently or updating the subscribed APIs frequently, it
        is better to turn-off this cache-->
        <EnableScopeCache>{{apim.cache.scopes.enable}}</EnableScopeCache>
        <!-- This indicates whether the role cache need to enabled in the publisher. If this is disabled, there will
        be a call to key manager to all the calls to API publisher APIs. It is highly recommended to enable this
        cache. However, if the system is in a state, where the role addition and deletion happens seamlessly, the
        cache will be in in-valid state.-->
        <EnablePublisherRoleCache>{{apim.cache.publisher_roles.enable}}</EnablePublisherRoleCache>
        <!-- Enable/Disable token caching at the Product REST APIs-->
        <EnableRESTAPITokenCache>{{apim.cache.restapi_token.enable}}</EnableRESTAPITokenCache>
	    <!-- JWT claims Cache expiry in seconds -->
        {% if apim.cache.jwt_claim.expiry_time is defined %}
        <JWTClaimCacheExpiry>{{apim.cache.jwt_claim.expiry_time}}</JWTClaimCacheExpiry>
        {% endif %}
        <!-- Expiry time for the apim key mgt validation info cache -->
        {% if apim.cache.token_expiry_time is defined %}
        <TokenCacheExpiry>{{apim.cache.token_expiry_time}}</TokenCacheExpiry>
        {% endif %}
        <!-- Expiry time for the resource cache  -->
        {% if apim.cache.resource.expiry_time is defined %}
        <GatewayResourceCacheExpiry>{{apim.cache.resource.expiry_time}}</GatewayResourceCacheExpiry>
        {% endif %}
        <!-- Expiry time for the apim REST API token cache -->
        {% if apim.cache.restapi_token.expiry_time is defined %}
        <RESTAPITokenCacheExpiry>{{apim.cache.restapi_token.expiry_time}}</RESTAPITokenCacheExpiry>
        {% endif %}
        <!-- This parameter specifies the expiration time of the TagCache. TagCache will
             only be created when this element is uncommented. When the specified
             time duration gets elapsed ,tag cache will get re-generated. -->
        <!--change to expiray-->
        {% if apim.cache.tags.expiry_time is defined %}
        <TagCacheDuration>{{apim.cache.tags.expiry_time}}</TagCacheDuration>
        {% endif %}
        <!-- JWT Claim cache can be disabled only if below config <EnableJWTClaimCache> is set as 'false'. The default
          value is 'true'.
          Other than this config, also <EnableGatewayTokenCache> and <EnableKeyManagerTokenCache> should have been set
          as 'false' to completely disable JWTClaimCache.
         -->
        <EnableJWTClaimCache>{{apim.cache.jwt_claim.enable}}</EnableJWTClaimCache>
    </CacheConfigurations>

    <!--
        API usage tracker configuration used by the StreamProcessor data publisher and
        Google Analytics publisher in API gateway.
    -->
    <Analytics>
        <!-- Enable Analytics for API Manager -->
        <Enabled>{{apim.analytics.enable}}</Enabled>
        <!-- Server URL of the remote StreamProcessor server used to collect statistics. Must
             be specified in protocol://hostname:port/ format.

             An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
             Groups are delimited by curly braces whereas receivers are delimited by commas.
             Ex - Multiple Receivers within a single group
             tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/

             Ex - Multiple Receiver Groups with two receivers each
             {tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/} -->
        {% if apim.analytics.receiver_urls is defined %}
        <StreamProcessorServerURL>{{apim.analytics.receiver_urls}}</StreamProcessorServerURL>
        {% elif apim.analytics.url_group is defined %}
        <StreamProcessorServerURL>
            {%- for group in apim.analytics.url_group -%}
            {%- if group.type == "loadbalance" -%}
            { {{- group.analytics_url.toList()|join(',') -}} }
            {%- else -%}{ {{- group.analytics_url.toList()|join('|') -}} }
            {%- endif -%}
            {{- "," if not loop.last -}}
            {%- endfor -%}
        </StreamProcessorServerURL>
        {% else %}
        <StreamProcessorServerURL>{tcp://localhost:7612}</StreamProcessorServerURL>
        {% endif %}


        {% if apim.analytics.receiver_auth_urls is defined %}
        <StreamProcessorAuthServerURL>{{apim.analytics.receiver_auth_urls}}</StreamProcessorAuthServerURL>
        {% elif apim.analytics.url_group is defined%}
        <StreamProcessorAuthServerURL>
            {%- for group in apim.analytics.url_group -%}
            {%- if group.type == "loadbalance" -%}
            { {{- group.analytics_auth_url.toList()|join(',') -}} }
            {%- else -%}{ {{- group.analytics_auth_url.toList()|join('|') -}} }
            {%- endif -%}
            {{- "," if not loop.last -}}
            {%- endfor -%}
        </StreamProcessorAuthServerURL>
        {% endif %}
        <!-- Administrator username to login to the remote StreamProcessor server. -->
        <StreamProcessorUsername>{{apim.analytics.receiver_username}}</StreamProcessorUsername>

        <!-- Administrator password to login to the remote StreamProcessor server. -->
        <StreamProcessorPassword>{{apim.analytics.receiver_password}}</StreamProcessorPassword>

        <!-- For APIM implemented Statistic client for RDBMS -->
        <StatsProviderImpl>{{apim.analytics.provider_impl}}</StatsProviderImpl>

        <!-- StreamProcessor REST API configuration -->
        <StreamProcessorRestApiURL>{{apim.analytics.store_api_url}}</StreamProcessorRestApiURL>

        <StreamProcessorRestApiUsername>{{apim.analytics.store_api_username}}</StreamProcessorRestApiUsername>

        <StreamProcessorRestApiPassword>{{apim.analytics.store_api_password}}</StreamProcessorRestApiPassword>

        <!-- Below property is used to skip trying to connect to event receiver nodes when publishing events even if
            the stats enabled flag is set to true. -->
        <SkipEventReceiverConnection>false</SkipEventReceiverConnection>

        <!--Skip workflow data publisher initiation and even publishing-->
        <SkipWorkflowEventPublisher>true</SkipWorkflowEventPublisher>

        <!-- API Usage Data Publisher. -->
        <PublisherClass>{{apim.analytics.event_publisher_impl}}</PublisherClass>

        <!-- If below property set to true,then the response message size will be calculated and publish
             with each successful API invocation event. -->
        <PublishResponseMessageSize>{{apim.analytics.publish_response_size}}</PublishResponseMessageSize>
        <!-- Data publishing stream names and versions of API requests, responses and faults. If the default values
            are changed, the toolbox also needs to be changed accordingly. -->

        <Streams>
            <Request>
                <Name>org.wso2.apimgt.statistics.request</Name>
                <Version>3.1.0</Version>
            </Request>
            <Fault>
                <Name>org.wso2.apimgt.statistics.fault</Name>
                <Version>3.1.0</Version>
            </Fault>
            <Throttle>
                <Name>org.wso2.apimgt.statistics.throttle</Name>
                <Version>3.1.0</Version>
            </Throttle>
            <Workflow>
                <Name>org.wso2.apimgt.statistics.workflow</Name>
                <Version>1.0.0</Version>
            </Workflow>
            <AlertTypes>
                <Name>org.wso2.analytics.apim.alertStakeholderInfo</Name>
                <Version>1.0.1</Version>
            </AlertTypes>
            <botData>
                <Name>org.wso2.botDetectionData.request.stream</Name>
                <Version>1.0.0</Version>
            </botData>
        </Streams>

    </Analytics>

    <!--
        API key validator configuration used by API key manager (IS), API Developer Portal and API gateway.
        API gateway uses it to validate and authenticate users against the provided API keys.
    -->
    <APIKeyValidator>
        <!-- Server URL of the API key manager -->
        <ServerURL>{{apim.key_manager.service_url}}</ServerURL>

        <!-- Admin username for API key manager. -->
        <Username>{{apim.key_manager.username}}</Username>
        <!-- Admin password for API key manager. -->
        <Password>{{apim.key_manager.password}}</Password>

        <!-- Configurations related to enable thrift support for key-management related communication.
             If you want to switch back to Web Service Client, change the value of "KeyValidatorClientType" to "WSClient".
             In a distributed environment;
             -If you are at the Gateway node, you need to point "ThriftClientPort" value to the "ThriftServerPort" value given at KeyManager node.
             -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
             -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
	         -The Gateway uses this parameter to connect to the key validation thrift service. -->
        <KeyValidatorClientType>WSClient</KeyValidatorClientType>
        <ConnectionPool>
            <MaxIdle>{{apim.key_manager.pool.max_idle}}</MaxIdle>
            <InitIdleCapacity>{{apim.key_manager.pool.init_idle_capacity}}</InitIdleCapacity>
        </ConnectionPool>
        <!-- Specifies the implementation to be used for KeyValidationHandler. Steps for validating a token can be controlled by plugging in a
             custom KeyValidation Handler -->
        <KeyValidationHandlerClassName>{{apim.key_manager.key_validation_handler_impl}}</KeyValidationHandlerClassName>
       {% if apim.jwt.expiry_time is defined %}
        <JWTExpiryTime>{{apim.jwt.expiry_time}}</JWTExpiryTime>
       {% endif %}
    </APIKeyValidator>

    <!-- Uncomment this section only if you are going to have an instance other than KeyValidator as your KeyManager.
         Unless a ThirdParty KeyManager is used, you don't need to configure this section. -->
    {% if apim.key_manager.key_manager_client_impl is defined %}
    <APIKeyManager>
        <KeyManagerClientImpl>{{apim.key_manager.key_manager_client_impl}}</KeyManagerClientImpl>
        <Configuration>
           {% for property_name,property_value in apim.key_manager.configuration.items() %}
           <{{property_name}}>{{property_value}}</{{property_name}}>
           {% endfor %}
        </Configuration>
    </APIKeyManager>
    {% else %}
    <!--APIKeyManager>
        <KeyManagerClientImpl>org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl</KeyManagerClientImpl>
        <Configuration>
            <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
            <TokenURL>https://${carbon.local.ip}:${https.nio.port}/token</TokenURL>
            <RevokeURL>https://${carbon.local.ip}:${https.nio.port}/revoke</RevokeURL>
        </Configuration>
    </APIKeyManager-->
    {% endif %}

    <OAuthConfigurations>
        <!-- Remove OAuth headers from outgoing message. -->
        <RemoveOAuthHeadersFromOutMessage>{{not apim.oauth_config.enable_outbound_auth_header}}</RemoveOAuthHeadersFromOutMessage>
        {% if apim.oauth_config.scope_issuer is defined %}
        <ScopeIssuer>{{apim.oauth_config.scope_issuer}}</ScopeIssuer>
        {% endif %}
        {% if apim.oauth_config.set_jwt_as_opaque_token is defined %}
        <!-- Consider incoming jwt token as an opaque token. -->
        <JWTAsOpaqueToken>{{apim.oauth_config.set_jwt_as_opaque_token}}</JWTAsOpaqueToken>
        {% endif %}
        {% if apim.oauth_config.auth_header is defined %}
        <!--Authorization header-->
        <AuthorizationHeader>{{apim.oauth_config.auth_header}}</AuthorizationHeader>
        {% endif %}
        <!-- Scope used for marking Application Tokens. If a token is generated with this scope, they will be treated as Application Access Tokens -->
        <ApplicationTokenScope>{{apim.oauth_config.default_app_scope}}</ApplicationTokenScope>
        <!-- All  scopes under the ScopeWhitelist element are not validating against roles that has assigned to it.
             By default ^device_.* and openid scopes have been white listed internally. -->
        <ScopeWhitelist>
        {%for scope in apim.oauth_config.white_listed_scopes%}
            <Scope>{{scope}}</Scope>
        {% endfor %}
        </ScopeWhitelist>

        <!-- Name of the token API -->
        <TokenEndPointName>/oauth2/token</TokenEndPointName>
        <!-- This the API URL for revoke API. When we revoke tokens revoke requests should go through this
             API deployed in API gateway. Then it will do cache invalidations related to revoked tokens.
             In distributed deployment we should configure this property in key manager node by pointing
             gateway https( /http, we recommend users to use 'https' endpoints for security purpose) url.
             Also please note that we should point gateway revoke service to key manager -->
        <RevokeAPIURL>{{apim.oauth_config.revoke_endpoint}}</RevokeAPIURL>
        <!-- Whether to encrypt tokens when storing in the Database
        Note: If changing this value to true, change the value of <TokenPersistenceProcessor> to
        org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor in the identity.xml -->
        <EncryptPersistedTokens>{{apim.oauth_config.enable_token_encryption}}</EncryptPersistedTokens>
        <!-- Whether to hash the tokens when storing in the Database
        Note: If changing this value to true, change the value of <TokenPersistenceProcessor> to
        org.wso2.carbon.identity.oauth.tokenprocessor.HashingPersistenceProcessor and change the value of
        <EnableClientSecretHash> to true in the identity.xml -->
        <EnableTokenHashMode>{{apim.oauth_config.enable_token_hashing}}</EnableTokenHashMode>
    </OAuthConfigurations>

    <TokenRevocationNotifiers class="{{apim.token.revocation.notifier_impl}}">
        {% if apim.token.revocation.enable_realtime_notifier %}
        <RealtimeNotifier>
            {% for key,value in apim.token.revocation.realtime_notifier.items() %}
            <Property name="{{key}}">{{value}}</Property>
            {% endfor %}
        </RealtimeNotifier>
        {% endif %}
        {% if apim.token.revocation.enable_persistent_notifier %}
        <PersistentNotifier>
            {% for key,value in apim.token.revocation.persistent_notifier.items() %}
            <Property name="{{key}}">{{value}}</Property>
            {% endfor %}
        </PersistentNotifier>
        {% endif %}
    </TokenRevocationNotifiers>

    <!-- Settings related to managing API access tiers. -->
    <TierManagement>
        <!-- Enable the providers to expose their APIs over the special 'Unlimited' tier which
             basically disables tier based throttling for the specified APIs. -->
        <EnableUnlimitedTier>true</EnableUnlimitedTier>
    </TierManagement>

    <!-- API Developer Portal Related Configurations -->
    <APIStore>
        {% if apim.devportal.enable_application_sharing%}
            {% if apim.devportal.application_sharing_impl is defined %}
        <GroupingExtractor>{{apim.devportal.application_sharing_impl}}</GroupingExtractor>
        <RESTApiGroupingExtractor>{{apim.devportal.application_sharing_impl}}</RESTApiGroupingExtractor>
            {% else %}
        <GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</GroupingExtractor>
        <RESTApiGroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</RESTApiGroupingExtractor>
            {% endif %}
        {% endif %}
        <DefaultGroupExtractorClaimUri>{{apim.devportal.application_sharing_claim}}</DefaultGroupExtractorClaimUri>
        <!--This property is used to indicate how we do user name comparision for token generation https://wso2.org/jira/browse/APIMANAGER-2225-->
        <CompareCaseInsensitively>{{apim.devportal.login_username_case_insensitive}}</CompareCaseInsensitively>
        <DisplayURL>false</DisplayURL>
        <URL>{{apim.devportal.url}}</URL>

        <!-- Server URL of the API Developer Portal. -->
        <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for API Developer Portal. -->
        <Username>${admin.username}</Username>

        <!-- Admin password for API Developer Portal. -->
        <Password>${admin.password}</Password>
        <!-- This parameter specifies whether to display multiple versions of same
             API or only showing the latest version of an API. -->
        <DisplayMultipleVersions>{{apim.devportal.display_multiple_versions}}</DisplayMultipleVersions>
        <!-- This parameter specifies whether to display all the APIs
             [which are having DEPRECATED/PUBLISHED status] or only display the APIs
             with having their status is as 'PUBLISHED' -->
        <DisplayAllAPIs>{{apim.devportal.display_deprecated_apis}}</DisplayAllAPIs>
        <!-- Uncomment this to limit the number of APIs in api the API Developer Portal -->
        <!--APIsPerPage>5</APIsPerPage-->

        <!-- This parameter specifies whether to display the comment editing facility or not.
             Default is "true". If user wants to disable, he must set this param as "false" -->
        <DisplayComments>{{apim.devportal.enable_comments}}</DisplayComments>

        <!-- This parameter specifies whether to display the ratings  or not.
             Default is "true". If user wants to disable, he must set this param as "false" -->
        <DisplayRatings>{{apim.devportal.enable_ratings}}</DisplayRatings>

        <!--set isStoreForumEnabled to false for disable forum in API Developer Portal-->
        <isStoreForumEnabled>{{apim.devportal.enable_forum}}</isStoreForumEnabled>

        <!--This parameter specifies whether Provisioning Out-of-Band OAuth Clients is enabled-->
        <MapExistingAuthApps>{{apim.devportal.enable_key_provisioning}}</MapExistingAuthApps>

        <!--This parameter specifies the alias value of the Api Key which will be used for Api Key Authentication-->
        <ApiKeyAlias>{{apim.devportal.api_key_alias}}</ApiKeyAlias>
    </APIStore>

    <APIPublisher>
        <DisplayURL>false</DisplayURL>
        <URL>https://localhost:${mgt.transport.https.port}/publisher</URL>
        <!-- This parameter specifies enabling the capability of setting API documentation level granular visibility levels.
             By default any document associate with an API will have the same permissions set as the API.With enabling below
             property,it will show two additional permission levels as visible only to all registered users in a particular
             domain or only visible to API doc creator -->
        <EnableAPIDocVisibilityLevels>{{apim.publisher.enable_api_doc_visibility}}</EnableAPIDocVisibilityLevels>
        <!-- Uncomment this to limit the number of APIs in api the API Publisher -->
        <!--APIsPerPage>30</APIsPerPage-->
        <!-- This property need to be enabled to enable the publisher access control support -->
        <EnableAccessControl>true</EnableAccessControl>
    </APIPublisher>

    <!-- Status observers can be registered against the API Publisher to listen for
         API status update events. Each observer must implement the APIStatusObserver
         interface. Multiple observers can be engaged if necessary and in such situations
         they will be notified in the order they are defined here.
         This configuration is unused from API Manager version 1.10.0 -->
    <!--StatusObservers>
        <Observer>org.wso2.carbon.apimgt.impl.observers.SimpleLoggingObserver</Observer>
    </StatusObservers-->

    <!-- Configuration to enable/disable sending CORS headers in the Gateway response
         and define the Access-Control-Allow-Origin header value.-->
    <CORSConfiguration>
        <!-- Configuration to enable/disable sending CORS headers from the Gateway-->
        <Enabled>{{apim.cors.enable}}</Enabled>

        <!-- The value of the Access-Control-Allow-Origin header. Default values are
             API Developer Portal addresses, which is needed for swagger to function. -->
        <Access-Control-Allow-Origin>{% for origin in apim.cors.allow_origins %}{{origin}}{{ "," if not loop.last }}{% endfor %}</Access-Control-Allow-Origin>

        <!-- Configure Access-Control-Allow-Methods -->
        <Access-Control-Allow-Methods>{% for method in apim.cors.allow_methods %}{{method}}{{ "," if not loop.last }}{% endfor %}</Access-Control-Allow-Methods>

        <!-- Configure Access-Control-Allow-Headers -->
        <Access-Control-Allow-Headers>{% for header in apim.cors.allow_headers %}{{header}}{{ "," if not loop.last }}{% endfor %}</Access-Control-Allow-Headers>

        <!-- Configure Access-Control-Allow-Credentials -->
        <!-- Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests.
             It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*) -->
        <Access-Control-Allow-Credentials>{{apim.cors.allow_credentials}}</Access-Control-Allow-Credentials>
    </CORSConfiguration>

    <!-- This property is there to configure velocity log output into existing Log4j carbon Logger.
         You can enable this and set preferable Logger name. -->
    <!-- VelocityLogger>VELOCITY</VelocityLogger -->

    <RESTAPI>
        <!--Configure white-listed URIs of REST API. Accessing white-listed URIs does not require credentials (does not require Authorization header). -->
        <WhiteListedURIs>
         {% if apim.rest_api.whitelisted_uri is defined %}
            {% for uri in apim.rest_api.whitelisted_uri %}
                <WhiteListedURI>
                <URI>{{uri.uri_path}}</URI>
                <HTTPMethods>{{uri.http_method}}</HTTPMethods>
                </WhiteListedURI>
            {% endfor %}
         {% endif %}
             <WhiteListedURI>
                <URI>/api/am/store/{version}/tenants</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
             </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/publisher/{version}/swagger.json</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/swagger.json</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/admin/{version}/swagger.json</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/publisher/{version}/swagger.yaml</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/swagger.yaml</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/admin/{version}/swagger.yaml</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/swagger</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/wsdl</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/comments</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                 <URI>/api/am/store/{version}/apis/{apiId}/graphql-schema</URI>
                 <HTTPMethods>GET</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/documents</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/documents/{documentId}</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/documents/{documentId}/content</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/apis/{apiId}/thumbnail</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products/{apiId}</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products/{apiId}/swagger</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products/{apiId}/documents</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products/{apiId}/documents/{documentId}</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products/{apiId}/documents/{documentId}/content</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-products/{apiId}/thumbnail</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/tags</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/tiers/{tierLevel}</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/tiers/{tierLevel}/{tierName}</URI>
                <HTTPMethods>GET,HEAD</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/search</URI>
                <HTTPMethods>GET</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/settings</URI>
                <HTTPMethods>GET</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/publisher/{version}/settings</URI>
                <HTTPMethods>GET</HTTPMethods>
            </WhiteListedURI>
            <WhiteListedURI>
                <URI>/api/am/store/{version}/api-categories</URI>
                <HTTPMethods>GET</HTTPMethods>
            </WhiteListedURI>
        </WhiteListedURIs>
        <ETagSkipList>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/apis</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/apis/generate-sdk</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/apis/{apiId}/documents</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/applications</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/applications/generate-keys</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/subscriptions</URI>
                <HTTPMethods>GET,POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/tags</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/tiers/{tierLevel}</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/store/{version}/tiers/{tierLevel}/{tierName}</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis</URI>
                <HTTPMethods>GET,POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}</URI>
                <HTTPMethods>GET,DELETE,PUT</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/swagger</URI>
                <HTTPMethods>GET,PUT</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/thumbnail</URI>
                <HTTPMethods>GET,POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/change-lifecycle</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/copy-api</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/applications/{applicationId}</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/documents</URI>
                <HTTPMethods>GET,POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/documents/{documentId}/content</URI>
                <HTTPMethods>GET,POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/apis/{apiId}/documents/{documentId}</URI>
                <HTTPMethods>GET,PUT,DELETE</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/environments</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/subscriptions</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/subscriptions/block-subscription</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/subscriptions/{subscriptionId}</URI>
                <HTTPMethods>GET</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/subscriptions/unblock-subscription</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/tiers/{tierLevel}</URI>
                <HTTPMethods>GET,POST</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/tiers/{tierLevel}/{tierName}</URI>
                <HTTPMethods>GET,PUT,DELETE</HTTPMethods>
            </ETagSkipURI>
            <ETagSkipURI>
                <URI>/api/am/publisher/{version}/tiers/update-permission</URI>
                <HTTPMethods>POST</HTTPMethods>
            </ETagSkipURI>
        </ETagSkipList>
    </RESTAPI>
    <ThrottlingConfigurations>
        <EnableAdvanceThrottling>{{apim.throttling.enable_advanced_throttling}}</EnableAdvanceThrottling>
        <TrafficManager>
            <Type>{{apim.throttling.event_type}}</Type>


            {% if apim.throttling.receiver_url is defined %}
            <ReceiverUrlGroup>{{apim.throttling.receiver_url}}</ReceiverUrlGroup>
            {% elif apim.throttling.url_group is defined%}
            <ReceiverUrlGroup>
            {%- for group in apim.throttling.url_group -%}
                {%- if group.type == "loadbalance" -%}
            { {{- group.traffic_manager_urls.toList()|join(',') -}} }
                {%- else -%}{ {{- group.traffic_manager_urls.toList()|join('|') -}} }
                {%- endif -%}
                {{- "," if not loop.last -}}
            {%- endfor -%}
            </ReceiverUrlGroup>
            {%- else -%}
            <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
            {% endif %}


            {% if apim.throttling.receiver_auth_url is defined %}
            <AuthUrlGroup>{{apim.throttling.receiver_auth_url}}</AuthUrlGroup>
            {% elif apim.throttling.url_group is defined%}
            <AuthUrlGroup>
                {%- for group in apim.throttling.url_group -%}
                {%- if group.type == "loadbalance" -%}
                { {{- group.traffic_manager_auth_urls.toList()|join(',') -}} }
                {%- else -%}{ {{- group.traffic_manager_auth_urls.toList()|join('|') -}} }
                {%- endif -%}
                {{- "," if not loop.last -}}
                {%- endfor -%}
            </AuthUrlGroup>
            {% else %}
            <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
            {% endif %}
            <Username>{{apim.throttling.receiver_username}}</Username>
            <Password>{{apim.throttling.receiver_password}}</Password>
        </TrafficManager>
        <DataPublisher>
            <Enabled>{{apim.throttling.enable_data_publishing}}</Enabled>
            <DataPublisherPool>
                <MaxIdle>{{apim.throttling.publisher.max_idle}}</MaxIdle>
                <InitIdleCapacity>{{apim.throttling.publisher.init_idle_size}}</InitIdleCapacity>
            </DataPublisherPool>
            <DataPublisherThreadPool>
                <CorePoolSize>{{apim.throttling.publisher.pool_size}}</CorePoolSize>
                <MaxmimumPoolSize>{{apim.throttling.publisher.max_pool_size}}</MaxmimumPoolSize>
                <KeepAliveTime>{{apim.throttling.publisher.keep_alive_time}}</KeepAliveTime>
            </DataPublisherThreadPool>
        </DataPublisher>
        <PolicyDeployer>
            <Enabled>{{apim.throttling.enable_policy_deploy}}</Enabled>
            <ServiceURL>{{apim.throttling.service_url}}</ServiceURL>
            <Username>{{apim.throttling.policy_deploy.username}}</Username>
            <Password>{{apim.throttling.policy_deploy.password}}</Password>
        </PolicyDeployer>
        <BlockCondition>
            <Enabled>{{apim.throttling.enable_blacklist_condition}}</Enabled>
            {% if apim.throttling.blacklist_condition.start_delay is defined %}
            <InitDelay>{{apim.throttling.blacklist_condition.start_delay}}</InitDelay>
            {% endif %}
            {% if apim.throttling.blacklist_condition.period is defined %}
            <Period>{{apim.throttling.blacklist_condition.period}}</Period>
            {% endif %}
        </BlockCondition>
        <JMSConnectionDetails>
            <Enabled>{{apim.throttling.enable_decision_connection}}</Enabled>
            {% if apim.throttling.jms.start_delay is defined %}
            <InitDelay>{{apim.throttling.jms.start_delay}}</InitDelay>
            {% endif %}
            <JMSConnectionParameters>
                <transport.jms.ConnectionFactoryJNDIName>{{apim.throttling.jms.conn_jndi_name}}</transport.jms.ConnectionFactoryJNDIName>
                <transport.jms.DestinationType>{{apim.throttling.jms.destination_type}}</transport.jms.DestinationType>
                <java.naming.factory.initial>{{apim.throttling.jms.java_naming_factory_initial}}</java.naming.factory.initial>
                {% if apim.throttling.jms.topic_connection_factory is defined %}
                <connectionfactory.TopicConnectionFactory>{{apim.throttling.jms.topic_connection_factory}}</connectionfactory.TopicConnectionFactory>
                {% elif apim.throttling.throttle_decision_endpoints is defined %}
                <connectionfactory.TopicConnectionFactory>amqp://{{apim.throttling.jms.username}}:{{apim.throttling.jms.password}}@clientid/carbon?brokerlist='{% for url in apim.throttling.throttle_decision_endpoints %}{{url}}?retries='5'%26connectdelay='50';{% endfor %}'</connectionfactory.TopicConnectionFactory>
                {% else %}
                <connectionfactory.TopicConnectionFactory>amqp://${admin.username}:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'</connectionfactory.TopicConnectionFactory>
                {% endif %}
            </JMSConnectionParameters>
        </JMSConnectionDetails>

        <!--DefaultLimits>
            <SubscriptionTierLimits>
                <Gold>5000</Gold>
                <Silver>2000</Silver>
                <Bronze>1000</Bronze>
                <Unauthenticated>60</Unauthenticated>
            </SubscriptionTierLimits>
            <ApplicationTierLimits>
                <50PerMin>50</50PerMin>
                <20PerMin>20</20PerMin>
                <10PerMin>10</10PerMin>
            </ApplicationTierLimits>
            <ResourceLevelTierLimits>
                <50KPerMin>50000</50KPerMin>
                <20KPerMin>20000</20KPerMin>
                <10KPerMin>10000</10KPerMin>
            </ResourceLevelTierLimits>
        </DefaultLimits-->
        <EnableUnlimitedTier>{{apim.throttling.enable_unlimited_tier}}</EnableUnlimitedTier>
        <EnableHeaderConditions>{{apim.throttling.enable_header_based_throttling}}</EnableHeaderConditions>
        <EnableJWTClaimConditions>{{apim.throttling.enable_jwt_claim_based_throttling}}</EnableJWTClaimConditions>
        <EnableQueryParamConditions>{{apim.throttling.enable_query_param_based_throttling}}</EnableQueryParamConditions>
    </ThrottlingConfigurations>

    <WorkflowConfigurations>
        <Enabled>{{apim.workflow.enable}}</Enabled>
    	<ServerUrl>{{apim.workflow.service_url}}</ServerUrl>
    	<ServerUser>{{apim.workflow.wf_engine_user}}</ServerUser>
    	<ServerPassword>{{apim.workflow.wf_engine_pass}}</ServerPassword>
    	<WorkflowCallbackAPI>{{apim.workflow.callback_endpoint}}</WorkflowCallbackAPI>
        <TokenEndPoint>{{apim.workflow.token_endpoint}}</TokenEndPoint>
        <DCREndPoint>{{apim.workflow.client_registration_endpoint}}</DCREndPoint>
        <DCREndPointUser>{{apim.workflow.client_registration_username}}</DCREndPointUser>
        <DCREndPointPassword>{{apim.workflow.client_registration_password}}</DCREndPointPassword>
    </WorkflowConfigurations>

    <SwaggerCodegen>
        <ClientGeneration>
            <GroupId>{{apim.sdk.group_id}}</GroupId>
            <ArtifactId>{{apim.sdk.artifact_id}}</ArtifactId>
            <ModelPackage>{{apim.sdk.model_package}}</ModelPackage>
            <ApiPackage>{{apim.sdk.api_package}}</ApiPackage>
            <!-- Configure supported languages/Frameworks as comma separated values,
             Supported Languages/Frameworks : android, java, scala, csharp, dart, flash, groovy, javascript, jmeter,
             nodejs, perl, php, python, ruby, swift, clojure, asyncScala, csharpDotNet2-->
            <SupportedLanguages>{{apim.sdk.supported_languages.toList()|join(',')}}</SupportedLanguages>
        </ClientGeneration>
    </SwaggerCodegen>

    <!--Specify the implementation class of the monetization interface-->
    <Monetization>
        <MonetizationImpl>{{apim.monetization.monetization_impl}}</MonetizationImpl>
        <UsagePublisher>
            <Granularity>{{apim.monetization.granularity}}</Granularity>
            <!--Number of days to reduce from the current time to get the last publish time of monetization
            usgae publish job, when there is no record of the last publish time.-->
            <PublishTimeDurationInDays>{{apim.monetization.publish_duration}}</PublishTimeDurationInDays>
        </UsagePublisher>
        {% if apim.monetization.additional_attributes is defined %}
            <AdditionalAttributes>
               {% for attribute in apim.monetization.additional_attributes %}
               <Attribute required="{{attribute.required}}">
                   <Name>{{attribute.name}}</Name>
                   <DisplayName>{{attribute.display_name}}</DisplayName>
                   <Description>{{attribute.description}}</Description>
                   <Default>{{attribute.default}}</Default>
               </Attribute>
               {% endfor %}
            </AdditionalAttributes>
        {% endif %}
    </Monetization>

    {% if apim.devportal.recommendations is defined %}
    <APIRecommendations>
        <recommendationAPI>{{apim.devportal.recommendations.recommendations_api}}</recommendationAPI>
        {% if apim.devportal.recommendations.oauth_endpoint is defined %}
        <authenticationEndpoint>{{apim.devportal.recommendations.oauth_endpoint}}</authenticationEndpoint>
        {% endif %}
        {% if apim.devportal.recommendations.consumer_key is defined %}
        <consumerKey>{{apim.devportal.recommendations.consumer_key}}</consumerKey>
        <consumerSecret>{{apim.devportal.recommendations.consumer_secret}}</consumerSecret>
        {% endif %}
        {% if apim.devportal.recommendations.max_recommendations is defined %}
        <maxRecommendations>{{apim.devportal.recommendations.max_recommendations}}</maxRecommendations>
        {% endif %}
        {% if apim.devportal.recommendations.apply_for_all_tenants is defined %}
        <applyForAllTenants>{{apim.devportal.recommendations.apply_for_all_tenants}}</applyForAllTenants>
        {% endif %}
        {% if apim.devportal.recommendations.wait_duration is defined %}
        <waitDuration>{{apim.devportal.recommendations.wait_duration}}</waitDuration>
        {% endif %}
        {% if apim.devportal.recommendations.username is defined %}
        <userName>{{apim.devportal.recommendations.username}}</userName>
        <password>{{apim.devportal.recommendations.password}}</password>
        {% endif %}
    </APIRecommendations>
    {% endif %}

    <OpenTracer>
        <RemoteTracer>
            <Enabled>{{apim.open_tracer.remote_tracer.enable}}</Enabled>
            <Name>{{apim.open_tracer.remote_tracer.name}}</Name>
            <Properties>
                <HostName>{{apim.open_tracer.remote_tracer.properties.hostname}}</HostName>
                <Port>{{apim.open_tracer.remote_tracer.properties.port}}</Port>
            </Properties>
        </RemoteTracer>
        <LogTracer>
            <Enabled>{{apim.open_tracer.log_tracer.enable}}</Enabled>
        </LogTracer>
    </OpenTracer>

    {% if security_audit is defined %}
        <APISecurityAudit>
            <APIToken>{{security_audit.api_token}}</APIToken>
            <CollectionID>{{security_audit.collection_id}}</CollectionID>
            <BaseUrl>{{security_audit.base_url}}</BaseUrl>
            <Global>{{security_audit.global}}</Global>
        </APISecurityAudit>
    {% endif %}

    {% if apim.devportal.application_attributes is defined %}
    <ApplicationConfiguration>
        <ApplicationAttributes>
            {% for attribute in apim.devportal.application_attributes %}
            <Attribute Required="{{attribute.required}}" Hidden="{{attribute.hidden}}">
                <Name>{{attribute.name}}</Name>
                <Description>{{attribute.description}}</Description>
                <Default>{{attribute.default}}</Default>
            </Attribute>
            {% endfor %}
        </ApplicationAttributes>
    </ApplicationConfiguration>
    {% endif %}

    {% if apim.ai_security is defined %}
    <AISecurityHandler>
        {% if apim.ai_security.operation_mode is defined %}
        <OperationMode>{{apim.ai_security.operation_mode}}</OperationMode>
        {% endif %}
        {% if apim.ai_security.apply_for_all is defined %}
        <ApplyForAllAPIs>{{apim.ai_security.apply_for_all}}</ApplyForAllAPIs>
        {% endif %}
        {% if apim.ai_security.cash_expiry_time is defined %}
        <CacheExpiryTime>{{apim.ai_security.cash_expiry_time}}</CacheExpiryTime>
        {% endif %}
        <APISecurityEnforcer>
            <EndPoint>{{apim.ai_security.sideband_request_endpoint}}</EndPoint>
            <ASEToken>{{apim.ai_security.ase_token}}</ASEToken>
            {% if apim.ai_security.model_creation_endpoint is defined %}
            <ModelCreationEndpoint>
                <EndPoint>{{apim.ai_security.model_creation_endpoint}}</EndPoint>
                <AccessKey>{{apim.ai_security.access_key}}</AccessKey>
                <SecretKey>{{apim.ai_security.secret_key}}</SecretKey>
            </ModelCreationEndpoint>
            {% endif %}
        </APISecurityEnforcer>
        {% if apim.ai_security.data_publisher is defined %}
        <DataPublisher>
            {% if apim.ai_security.data_publisher.max_per_route is defined %}
            <MaxPerRoute>{{apim.ai_security.data_publisher.max_per_route}}</MaxPerRoute>
            {% endif %}
            {% if apim.ai_security.data_publisher.max_open_connections is defined %}
            <MaxOpenConnections>{{apim.ai_security.data_publisher.max_open_connections}}</MaxOpenConnections>
            {% endif %}
            {% if apim.ai_security.data_publisher.connection_timeout is defined %}
            <ConnectionTimeout>{{apim.ai_security.data_publisher.connection_timeout}}</ConnectionTimeout>
            {% endif %}
        </DataPublisher>
        {% endif %}
        {% if apim.ai_security.threadpool_executor is defined %}
        <ThreadPoolExecutor>
            {% if apim.ai_security.threadpool_executor.core_pool_size is defined %}
            <CorePoolSize>{{apim.ai_security.threadpool_executor.core_pool_size}}</CorePoolSize>
            {% endif %}
            {% if apim.ai_security.threadpool_executor.max_pool_size is defined %}
            <MaximumPoolSize>{{apim.ai_security.threadpool_executor.max_pool_size}}</MaximumPoolSize>
            {% endif %}
            {% if apim.ai_security.threadpool_executor.keep_alive_time is defined %}
            <KeepAliveTime>{{apim.ai_security.threadpool_executor.keep_alive_time}}</KeepAliveTime>
            {% endif %}
        </ThreadPoolExecutor>
        {% endif %}
        {% if apim.ai_security.stack_object_pool is defined %}
        <StackObjectPool>
            {% if apim.ai_security.stack_object_pool.max_idle is defined %}
            <MaxIdle>{{apim.ai_security.stack_object_pool.max_idle}}</MaxIdle>
            {% endif %}
            {% if apim.ai_security.stack_object_pool.init_idle_capacity is defined %}
            <InitIdleCapacity>{{apim.ai_security.stack_object_pool.init_idle_capacity}}</InitIdleCapacity>
            {% endif %}
        </StackObjectPool>
        {% endif %}
        {% if apim.ai_security.limit_transport_headers is defined %}
        <LimitTransportHeaders>
            {% for attribute in apim.ai_security.limit_transport_headers %}
            <Header>{{attribute}}</Header>
            {% endfor %}
        </LimitTransportHeaders>
        {% endif %}
    </AISecurityHandler>
    {% endif %}

    {% if apim.skip_roles_by_regex is defined %}
    <skipRolesByRegex>{{apim.skip_roles_by_regex.regex}}</skipRolesByRegex>
    {% endif %}

    <JWTAuthentication>
        <EnableSubscriptionValidationViaKeyManager>{{apim.jwt_authenitcation.subscription_validation_via_km}}</EnableSubscriptionValidationViaKeyManager>
    </JWTAuthentication>
    <CertificateReLoaderConfiguration>
        <Period>{{apim.certificate_reloader.period}}</Period>
    </CertificateReLoaderConfiguration>
        <MutualSSL>
            <ClientCertificateHeader>{{apimgt.mutual_ssl.certificate_header}}</ClientCertificateHeader>
            <EnableClientCertificateValidation>{{apimgt.mutual_ssl.enable_client_validation}}</EnableClientCertificateValidation>
        </MutualSSL>
</APIManager>
